Unix – Setup HTTPS virtual hosts


SSL is an essential part of creating a secure Apache site. SSL certificates allow you to encrypt all the traffic sent to and from your Apache web site so that others cannot view it. It uses public key cryptography to establish a secure connection. This means that anything encrypted with a public key (the SSL certificate) can only be decrypted with the private key (stored only on the server) and vice versa.

Note: If you have money to spend on a trusted SSL certificate, great! Buy it and go straight to step 2. (I suggest you buy a certificate; a self-signed certificate is only good for a development environment. If you use self-signed certificates for your production site, your audience will get a bad warning message.)

1. Generate Your Apache Self Signed Certificate
Remember to verify that OpenSSL is already installed on your computer. If it's not there, you can install it with apt-get, yum or brew (for Mac OSX).
Once you have OpenSSL installed, just run this one command to create an Apache self signed certificate:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt

You will be prompted to enter your organizational information and a common name. The common name should be the fully qualified domain name for the site you are securing, such as www.mydomain.com (though you can use any name if you want). You can leave the email address, challenge password, and optional company name blank. When the command is finished running, it will create two files: a server.key file and a server.crt self signed certificate file valid for 365 days.

2. Install Your Certificate
Now, you just need to configure your Apache virtual host to use the SSL certificate. If you only have one Apache virtual host to secure and you have an ssl.conf (or httpd-ssl.conf) file being loaded, you can just edit that file. Otherwise, you will need to make a copy of the existing non-secure virtual host, paste it below, and change the port from port 80 to 443.
Open your Apache configuration file in a text editor. The location of the file can differ depending on the operating system you're using.


vi /etc/apache2/httpd.conf

or...

vi /etc/httpd/httpd.conf

In most cases, you will find the <VirtualHost> blocks in a separate file in a directory like /etc/httpd/vhosts.d/ or /etc/httpd/sites/. Add the lines in bold below.

<VirtualHost *:443>
DocumentRoot /var/www/website
ServerName www.domain.com
SSLEngine on
SSLCertificateFile /etc/ssl/crt/primary.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCertificateChainFile /etc/ssl/crt/intermediate.crt
</VirtualHost>

Change the names of the files and paths to match your certificate files. Save the changes and exit the text editor.
3. Restart your Apache web server

Use one of the following commands:


sudo apachectl restart

or...

sudo service httpd restart

Now you can access your site using the https protocol.


Some things to remember:

  • In /etc/apache2/httpd.conf, make sure the SSL module is enabled
  • Enable httpd-ssl.conf or ssl.conf (CentOS) and place it before the include for virtual hosts in httpd.conf
  • SSLEngine on & keys for each https site
  • NameVirtualHost can be used for both port 80 and 443 by placing NameVirtualHost *:80 and NameVirtualHost *:443, so every virtual host should use <VirtualHost *:443>; there is no need to use something like <VirtualHost www.mysite.com:443>
  • You can test your virtual host config file syntax using ‘apachectl -t’ or ‘nginx configtest’
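
Added example (not part of the original post): a small shell/awk lint for the "SSLEngine on & keys for each https site" reminder above, reporting every port-443 virtual host that lacks SSLEngine on, SSLCertificateFile or SSLCertificateKeyFile. It assumes the directives are written inside each <VirtualHost> block as on this page; the function names and the example.test hostnames are made up for illustration.

```shell
# lint_tls_vhosts: read Apache config on stdin, print one finding per line,
# and return 1 if any :443 <VirtualHost> block is incomplete (0 otherwise).
lint_tls_vhosts() {
    awk '
    function report(msg) {
        printf "%s (vhost at line %d): %s\n", name, start, msg; bad = 1
    }
    /^[ \t]*#/ { next }    # ignore comment lines
    tolower($1) == "<virtualhost" {
        in443 = ($0 ~ /:443[ \t>]/); start = NR
        name = "(no ServerName)"; engine = cert = key = 0
        next
    }
    in443 && tolower($1) == "servername"            { name = $2 }
    in443 && tolower($1) == "sslengine"             { engine = (tolower($2) == "on") }
    in443 && tolower($1) == "sslcertificatefile"    { cert = 1 }
    in443 && tolower($1) == "sslcertificatekeyfile" { key = 1 }
    tolower($1) == "</virtualhost>" {
        if (in443 && !engine) report("SSLEngine is not on")
        if (in443 && !cert)   report("SSLCertificateFile is missing")
        if (in443 && !key)    report("SSLCertificateKeyFile is missing")
        in443 = 0
    }
    END { exit bad + 0 }
    '
}

# Constructed sample config (not from the page): a plain HTTP vhost, a complete
# HTTPS vhost, and an HTTPS vhost without SSLEngine and without a key file.
sample_config() {
cat <<'EOF'
<VirtualHost *:80>
    ServerName www.example.test
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine on
    SSLCertificateFile /etc/ssl/crt/primary.crt
    SSLCertificateKeyFile /etc/ssl/crt/private.key
</VirtualHost>
<VirtualHost *:443>
    ServerName shop.example.test
    SSLCertificateFile /etc/ssl/crt/primary.crt
</VirtualHost>
EOF
}

sample_config | lint_tls_vhosts || echo "fix the vhosts listed above before restarting Apache"
```

To check a real file, pipe it in, for example `lint_tls_vhosts < /etc/httpd/httpd.conf`; this complements ‘apachectl -t’, which only checks syntax.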